The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The computer-implemented method of claim 1, wherein the application action comprises attempting to execute the module, load the module, or access the module.
3. The computer-implemented method of claim 1, wherein scanning the module comprises identifying one or more files associated with the module, the one or more files comprising an executable file, an object code file, or dynamic link libraries.
4. The computer-implemented method of claim 1, wherein generating a sensitivity level of the module based on the module attributes comprises categorizing the module attributes into one of a group of predefined sensitivity levels.
5. The computer-implemented method of claim 1, wherein the sensitivity level comprises a range of sensitivity level values from a low sensitivity level to a high sensitivity level and the trust level comprises a range of trust level values from a low trust level to a high trust level and determining whether to prevent access by the application to the module based on the sensitivity level and the trust level comprises: cross-correlating a sensitivity level value of the range of the sensitivity level values to a trust level value of the range of the trust level values to arrive at a combined sensitivity and trust level combination and basing whether to prevent access to the module by the application on the sensitivity and the trust level combination.
9. The system of claim 8, wherein the application action comprises attempting to execute the module, load the module, or access the module.
10. The system of claim 8, wherein scanning the module comprises identifying one or more files associated with the module, the one or more files comprising an executable file, an object code file, or dynamic link libraries.
11. The system of claim 8, wherein generating a sensitivity level of the module based on the module attributes comprises categorizing the module attributes into one of a group of predefined sensitivity levels.
12. The system of claim 8, wherein the sensitivity level comprises a range of sensitivity level values from a low sensitivity level to a high sensitivity level and the trust level comprises a range of trust level values from a low trust level to a high trust level and determining whether to prevent access by the application to the module based on the sensitivity level and the trust level comprises: cross-correlating a sensitivity level value of the range of sensitivity level values to a trust level value of the range of trust level values to arrive at a combined sensitivity and trust level combination and basing whether to prevent access to the module by the application on the sensitivity and the trust level combination.
16. The computer storage device of claim 15, wherein the application action comprises attempting to execute the module, load the module, or access the module.
17. The computer storage device of claim 15, wherein scanning the module comprises identifying one or more files associated with the module, the one or more files comprising an executable file, an object code file, or dynamic link libraries.
April 1, 2021
January 10, 2023